Windows Not Behaving As It Should



#1 ankit_768


Posted 29 June 2012 - 02:00 PM

Hi Guys,

Here is my story:

2 days back, I was watching a movie when suddenly my laptop restarted without even asking me. While restarting, it updated some registries. Once restarted, my Microsoft Security Essentials's Real Protection is turned off. When I try to turn it on, I get a timeout message. Also, my Windows Update is not working. After checking in services.msc, both the Windows Update & BITS services are not present. Also, when creating a new user account, a folder in C:\Users is not getting created.

These are the issues I have noticed till now. There may be many more issues.

What do you guys think? Am I infected or not?

To confirm, what should I do & what should be the plan of action? Please help.

-Ankit



#2 Jimbob85


Posted 29 June 2012 - 02:38 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Also:

Please download Malwarebytes, AKA MBAM.

Update Malwarebytes via the update tab.
Run a full scan
Please post the results

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#3 ankit_768


Posted 29 June 2012 - 02:45 PM

Thanks for replying.

MALWAREBYTES SCAN is running. I will post its results later.

For now, I am posting MiniToolBox's Result.txt

MiniToolBox by Farbar  Version: 25-06-2012
Ran by ankit (administrator) on 30-06-2012 at 01:10:45
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Dell Wireless 1520 Wireless-N WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="ethernet_11" address=192.168.186.1 mask=255.255.255.0
add address name="Wireless Network Connection" address=169.254.138.13 mask=255.255.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : ankit-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter AIRCELGPRS:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : AIRCELGPRS
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 49.137.151.241(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 202.148.202.4
                                       202.148.200.3
   Primary WINS Server . . . . . . . : 10.11.12.13
   Secondary WINS Server . . . . . . : 10.11.12.14
   NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1520 Wireless-N WLAN Mini-Card
   Physical Address. . . . . . . . . : C4-17-FE-60-96-68
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-24-E8-83-0B-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{773E9BED-CB3D-4BA6-8C1E-2C2D6561B559}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{974EEB19-5E4F-4402-971E-B4B974D99C19}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns2.dwl.co.in
Address:  202.148.202.4

Name:    google.com
Addresses:  2404:6800:4007:803::1001
	  74.125.236.193
	  74.125.236.194
	  74.125.236.195
	  74.125.236.196
	  74.125.236.197
	  74.125.236.198
	  74.125.236.199
	  74.125.236.200
	  74.125.236.201
	  74.125.236.206
	  74.125.236.192


Pinging google.com [173.194.38.162] with 32 bytes of data:
Reply from 173.194.38.162: bytes=32 time=236ms TTL=53
Reply from 173.194.38.162: bytes=32 time=236ms TTL=53

Ping statistics for 173.194.38.162:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 236ms, Maximum = 236ms, Average = 236ms
Server:  dns2.dwl.co.in
Address:  202.148.202.4

Name:    yahoo.com
Addresses:  98.139.183.24
	  209.191.122.70
	  72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=494ms TTL=47
Reply from 72.30.38.140: bytes=32 time=472ms TTL=47

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 472ms, Maximum = 494ms, Average = 483ms
Server:  dns2.dwl.co.in
Address:  202.148.202.4

Name:    bleepingcomputer.com
Address:  208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 30...........................AIRCELGPRS
 11...c4 17 fe 60 96 68 ......Dell Wireless 1520 Wireless-N WLAN Mini-Card
 10...00 24 e8 83 0b 4c ......Broadcom NetLink (TM) Gigabit Ethernet
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link    49.137.151.241     31
   49.137.151.241  255.255.255.255         On-link    49.137.151.241    286
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link    49.137.151.241     31
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link    49.137.151.241    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2012 11:00:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/29/2012 03:17:59 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 03:09:26 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 03:07:19 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1921. Service 'Cryptographic Services' (CRYPTSVC) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (06/29/2012 03:01:34 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 03:01:33 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 03:01:30 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 03:00:58 AM) (Source: MsiInstaller) (User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/29/2012 02:08:41 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume OS (C:) was not defragmented because an error was encountered: Access is denied. (0x80070005)

Error: (06/28/2012 11:08:47 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (06/30/2012 00:23:18 AM) (Source: DCOM) (User: ankit-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ankit-PCankitS-1-5-21-1932034162-1429423559-2159203037-1000LocalHost (Using LRPC)

Error: (06/29/2012 11:59:53 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.129.483.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (06/29/2012 11:50:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
McPvDrv
MpFilter

Error: (06/29/2012 11:49:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

	Feature: %%835

	Error Code: 0x8007001f

	Error description: A device attached to the system is not functioning. 

	Reason: %%837

Error: (06/29/2012 11:49:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

	Feature: %%834

	Error Code: 0x8007001f

	Error description: A device attached to the system is not functioning. 

	Reason: %%837

Error: (06/29/2012 11:49:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

	Feature: %%835

	Error Code: 0x8007001f

	Error description: A device attached to the system is not functioning. 

	Reason: %%842

Error: (06/29/2012 11:49:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

	Feature: %%834

	Error Code: 0x8007001f

	Error description: A device attached to the system is not functioning. 

	Reason: %%842

Error: (06/29/2012 11:28:34 PM) (Source: DCOM) (User: ankit-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ankit-PCankitS-1-5-21-1932034162-1429423559-2159203037-1000LocalHost (Using LRPC)

Error: (06/29/2012 10:32:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.129.483.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (06/29/2012 10:22:24 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (06/29/2012 11:00:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/29/2012 03:17:59 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:09:26 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:07:19 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1921. Service 'Cryptographic Services' (CRYPTSVC) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:01:34 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:01:33 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:01:30 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 03:00:58 AM) (Source: MsiInstaller)(User: ankit-PC)ankit-PC
Description: Product: Microsoft Fix it 50202 -- Error 1920. Service 'BITS' (BITS) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/29/2012 02:08:41 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: OS (C:)Access is denied. (0x80070005)

Error: (06/28/2012 11:08:47 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


=========================== Installed Programs ============================

Accelerometer (Version: 1.06.08.17)
Adobe AIR (Version: 2.7.0.19480)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.9.0.40908)
ATI Catalyst Install Manager (Version: 3.0.741.0)
AviSynth 2.5
Bing Desktop (Version: 1.0.45.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429)
Catalyst Control Center Localization All (Version: 2009.0908.2225.38429)
ccc-core-static (Version: 2009.0908.2225.38429)
ccc-utility64 (Version: 2009.0908.2225.38429)
CCC Help Chinese Standard (Version: 2009.0908.2224.38429)
CCC Help Chinese Traditional (Version: 2009.0908.2224.38429)
CCC Help Danish (Version: 2009.0908.2224.38429)
CCC Help Dutch (Version: 2009.0908.2224.38429)
CCC Help English (Version: 2009.0908.2224.38429)
CCC Help Finnish (Version: 2009.0908.2224.38429)
CCC Help French (Version: 2009.0908.2224.38429)
CCC Help German (Version: 2009.0908.2224.38429)
CCC Help Italian (Version: 2009.0908.2224.38429)
CCC Help Japanese (Version: 2009.0908.2224.38429)
CCC Help Korean (Version: 2009.0908.2224.38429)
CCC Help Norwegian (Version: 2009.0908.2224.38429)
CCC Help Portuguese (Version: 2009.0908.2224.38429)
CCC Help Russian (Version: 2009.0908.2224.38429)
CCC Help Spanish (Version: 2009.0908.2224.38429)
CCC Help Swedish (Version: 2009.0908.2224.38429)
CodeBlocks (Version: 10.05)
Competition Arena
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
DHTML Editing Component (Version: 6.02.0001)
FastAccess (Version: 2.4.7.1)
Internet Download Manager
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) SE Development Kit 6 Update 20 (Version: 1.6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
LizardTech DjVu Control
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (Version: 9.0.30729.4048)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MMX353G 3G USB Manager version 5.530
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Network Recording Player (Version: 28.0.100.321)
Nokia Connectivity Cable Driver (Version: 7.1.27.0)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
Notepad++ (Version: 5.9.3)
PC Connectivity Solution (Version: 10.5.1.0)
pdfsam (Version: 2.2.1)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.10)
Realtek High Definition Audio Driver (Version: 6.0.1.5928)
Roxio Burn (Version: 1.01)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Subtitle Edit v3.2.2 (Version: 3.2.2)
Synaptics Pointing Device Driver (Version: 14.0.4.0)
TeamViewer 7 (Version: 7.0.12799)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1 (Version: 2.0.1)
WebEx
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WordWeb (Version: 6)
ZTE Dialer

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 2996.52 MB
Available physical RAM: 983.47 MB
Total Pagefile: 5991.24 MB
Available Pagefile: 3740.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3956.03 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:150.15 GB) (Free:6.63 GB) NTFS
3 Drive e: () (Fixed) (Total:69.01 GB) (Free:3.56 GB) NTFS
4 Drive f: (Local Disk) (Fixed) (Total:69.61 GB) (Free:0.25 GB) NTFS
6 Drive h: (SUDHANSHU) (Removable) (Total:1.87 GB) (Free:0.76 GB) FAT32

========================= Users: ========================================

User accounts for \\ANKIT-PC

Administrator            ankit                    Guest                    


**** End of log ****



#4 Jimbob85

Jimbob85

Posted 29 June 2012 - 03:14 PM

Once we see if you have an infection and get it cleaned up, you should update Java and Firefox. Both are behind and can be a security risk. You should get your updates from their manufacturers' web sites.

I will wait for your MBAM log.

#5 ankit_768

ankit_768
  • Topic Starter

Posted 29 June 2012 - 03:18 PM

Thanks again.

I will definitely update both of them.

MBAM is running.

Also, I ran GMER earlier today as well. If you want that log I can give that also.

#6 Jimbob85

Jimbob85

Posted 29 June 2012 - 03:26 PM

That would be great. Thanks.

#7 ankit_768

ankit_768
  • Topic Starter

Posted 29 June 2012 - 03:28 PM

Here is the MBAM log :-

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ankit :: ANKIT-PC [administrator]

30-06-2012 AM 12:13:08
mbam-log-2012-06-30 (01-56-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 557049
Time elapsed: 1 hour(s), 43 minute(s), 2 second(s)

Memory Processes Detected: 1
C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe (Trojan.ZbotR.Gen) -> 3340 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{28B081F3-491F-2F70-A604-EE20A60A1B68} (Trojan.ZbotR.Gen) -> Data: C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe (Trojan.ZbotR.Gen) -> No action taken.

(end)



#8 ankit_768

ankit_768
  • Topic Starter

Posted 29 June 2012 - 03:29 PM

GMER Log :-

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-30 01:41:56
Windows 6.1.7601 Service Pack 1 
Running: 0rlmbz52.exe


---- Services - GMER 1.0.15 ----

Service  System32\Drivers\de121f633872f609.sys (*** hidden *** )                                                                                                                                                                              [BOOT] de121f633872f609                             <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e                                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@001fdfabddac                                                                                                                                             0x50 0x9B 0xC3 0x4E ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@0025482fd3ed                                                                                                                                             0x32 0x1F 0x4E 0x27 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@347e39cd9c69                                                                                                                                             0xDE 0xCE 0x9A 0xAD ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@002668b2c3ee                                                                                                                                             0xBE 0x9A 0x8F 0x1B ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@0025d043a524                                                                                                                                             0x31 0x71 0x41 0x4D ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@e4ec10816903                                                                                                                                             0x17 0x09 0x6A 0x34 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@60a10a018094                                                                                                                                             0xD3 0x39 0x99 0xEE ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5cdb36e@001f01691ff3                                                                                                                                             0x7B 0x12 0x20 0x6A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@ImagePath                                                                                                                                                                    \SystemRoot\System32\Drivers\de121f633872f609.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Group                                                                                                                                                                        Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@ErrorControl                                                                                                                                                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Type                                                                                                                                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Start                                                                                                                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Tag                                                                                                                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@DisplayName                                                                                                                                                                  syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e (not active ControlSet)                                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@001fdfabddac                                                                                                                                                 0x50 0x9B 0xC3 0x4E ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@0025482fd3ed                                                                                                                                                 0x32 0x1F 0x4E 0x27 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@347e39cd9c69                                                                                                                                                 0xDE 0xCE 0x9A 0xAD ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@002668b2c3ee                                                                                                                                                 0xBE 0x9A 0x8F 0x1B ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@0025d043a524                                                                                                                                                 0x31 0x71 0x41 0x4D ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@e4ec10816903                                                                                                                                                 0x17 0x09 0x6A 0x34 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@60a10a018094                                                                                                                                                 0xD3 0x39 0x99 0xEE ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5cdb36e@001f01691ff3                                                                                                                                                 0x7B 0x12 0x20 0x6A ...
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@ImagePath                                                                                                                                                                        \SystemRoot\System32\Drivers\de121f633872f609.sys
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Group                                                                                                                                                                            Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@ErrorControl                                                                                                                                                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Type                                                                                                                                                                             1
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Start                                                                                                                                                                            0
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Tag                                                                                                                                                                              1
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@DisplayName                                                                                                                                                                      syshost.exe

---- Files - GMER 1.0.15 ----

File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35445064\comment-reply[1].js                                                                                                                 786 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\35445064\da7b62814341e663f59174b7467797ce[1].htm                                                                                             0 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Y4ND1UB\topic_top;ctx=3_170_m;ctx=2_428_m;ctx=2_78_m;ips=none;ppos=atf;kw=;tile=1;sz=728x90;ord=9954806758986384;an=;bu=319;br=15186[1].js  0 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Y4ND1UB\ptjCAF22R2F.js                                                                                                                      246 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\topic_top;ctx=2_78_l;ctx=3_158_l;ips=none;ppos=atf;kw=;tile=1;sz=970x90,728x90;ord=3973713467395681;an=;bu=;br=[1].js               370 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\gmail_com[1].htm                                                                                                                    225 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\accept[1].png                                                                                                                       781 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\ptjCAVGKAUC.js                                                                                                                      233 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\fastbuttonCAHCME0J.htm                                                                                                              13967 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A59CTUGP\adsCAFI9VON.htm                                                                                                                     7021 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AVVVVGQD\adServerCAEUTM78.htm                                                                                                                4669 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AVVVVGQD\__utmCAN5SUVN.gif                                                                                                                   35 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L06DJXKV\forum103[1].htm                                                                                                                     129098 bytes
File     C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z8IUF9V7\sortasc[1].gif                                                                                                                      80 bytes
File     C:\Users\ankit\AppData\Roaming\Microsoft\Windows\Cookies\Low\DQJQR5WJ.txt                                                                                                                                                            1213 bytes
File     C:\Users\ankit\AppData\Roaming\Microsoft\Windows\Cookies\Low\LSYAREI1.txt                                                                                                                                                            372 bytes

---- EOF - GMER 1.0.15 ----



#9 Jimbob85

Jimbob85

Posted 29 June 2012 - 03:48 PM

It looks like you are infected!

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#10 ankit_768

ankit_768
  • Topic Starter

Posted 29 June 2012 - 04:16 PM

Thanks for all the help.

Created a new topic following your steps.

Hope to get my laptop back to normal again.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:15 AM

Posted 30 June 2012 - 10:07 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working on logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.